okta.policy.Password
Explore with Pulumi AI
Creates a Password Policy. This resource allows you to create and configure a Password Policy.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const example = new okta.policy.Password("example", {
name: "example",
status: "ACTIVE",
description: "Example",
passwordHistoryCount: 4,
groupsIncludeds: [everyone.id],
});
import pulumi
import pulumi_okta as okta
example = okta.policy.Password("example",
name="example",
status="ACTIVE",
description="Example",
password_history_count=4,
groups_includeds=[everyone["id"]])
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/policy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := policy.NewPassword(ctx, "example", &policy.PasswordArgs{
Name: pulumi.String("example"),
Status: pulumi.String("ACTIVE"),
Description: pulumi.String("Example"),
PasswordHistoryCount: pulumi.Int(4),
GroupsIncludeds: pulumi.StringArray{
everyone.Id,
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var example = new Okta.Policy.Password("example", new()
{
Name = "example",
Status = "ACTIVE",
Description = "Example",
PasswordHistoryCount = 4,
GroupsIncludeds = new[]
{
everyone.Id,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.policy.Password;
import com.pulumi.okta.policy.PasswordArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Password("example", PasswordArgs.builder()
.name("example")
.status("ACTIVE")
.description("Example")
.passwordHistoryCount(4)
.groupsIncludeds(everyone.id())
.build());
}
}
resources:
example:
type: okta:policy:Password
properties:
name: example
status: ACTIVE
description: Example
passwordHistoryCount: 4
groupsIncludeds:
- ${everyone.id}
Create Password Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Password(name: string, args?: PasswordArgs, opts?: CustomResourceOptions);
@overload
def Password(resource_name: str,
args: Optional[PasswordArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Password(resource_name: str,
opts: Optional[ResourceOptions] = None,
auth_provider: Optional[str] = None,
call_recovery: Optional[str] = None,
description: Optional[str] = None,
email_recovery: Optional[str] = None,
groups_includeds: Optional[Sequence[str]] = None,
name: Optional[str] = None,
password_auto_unlock_minutes: Optional[int] = None,
password_dictionary_lookup: Optional[bool] = None,
password_exclude_first_name: Optional[bool] = None,
password_exclude_last_name: Optional[bool] = None,
password_exclude_username: Optional[bool] = None,
password_expire_warn_days: Optional[int] = None,
password_history_count: Optional[int] = None,
password_lockout_notification_channels: Optional[Sequence[str]] = None,
password_max_age_days: Optional[int] = None,
password_max_lockout_attempts: Optional[int] = None,
password_min_age_minutes: Optional[int] = None,
password_min_length: Optional[int] = None,
password_min_lowercase: Optional[int] = None,
password_min_number: Optional[int] = None,
password_min_symbol: Optional[int] = None,
password_min_uppercase: Optional[int] = None,
password_show_lockout_failures: Optional[bool] = None,
priority: Optional[int] = None,
question_min_length: Optional[int] = None,
question_recovery: Optional[str] = None,
recovery_email_token: Optional[int] = None,
skip_unlock: Optional[bool] = None,
sms_recovery: Optional[str] = None,
status: Optional[str] = None)
func NewPassword(ctx *Context, name string, args *PasswordArgs, opts ...ResourceOption) (*Password, error)
public Password(string name, PasswordArgs? args = null, CustomResourceOptions? opts = null)
public Password(String name, PasswordArgs args)
public Password(String name, PasswordArgs args, CustomResourceOptions options)
type: okta:policy:Password
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PasswordArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PasswordArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PasswordArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PasswordArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PasswordArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var passwordResource = new Okta.Policy.Password("passwordResource", new()
{
AuthProvider = "string",
CallRecovery = "string",
Description = "string",
EmailRecovery = "string",
GroupsIncludeds = new[]
{
"string",
},
Name = "string",
PasswordAutoUnlockMinutes = 0,
PasswordDictionaryLookup = false,
PasswordExcludeFirstName = false,
PasswordExcludeLastName = false,
PasswordExcludeUsername = false,
PasswordExpireWarnDays = 0,
PasswordHistoryCount = 0,
PasswordLockoutNotificationChannels = new[]
{
"string",
},
PasswordMaxAgeDays = 0,
PasswordMaxLockoutAttempts = 0,
PasswordMinAgeMinutes = 0,
PasswordMinLength = 0,
PasswordMinLowercase = 0,
PasswordMinNumber = 0,
PasswordMinSymbol = 0,
PasswordMinUppercase = 0,
PasswordShowLockoutFailures = false,
Priority = 0,
QuestionMinLength = 0,
QuestionRecovery = "string",
RecoveryEmailToken = 0,
SkipUnlock = false,
SmsRecovery = "string",
Status = "string",
});
example, err := policy.NewPassword(ctx, "passwordResource", &policy.PasswordArgs{
AuthProvider: pulumi.String("string"),
CallRecovery: pulumi.String("string"),
Description: pulumi.String("string"),
EmailRecovery: pulumi.String("string"),
GroupsIncludeds: pulumi.StringArray{
pulumi.String("string"),
},
Name: pulumi.String("string"),
PasswordAutoUnlockMinutes: pulumi.Int(0),
PasswordDictionaryLookup: pulumi.Bool(false),
PasswordExcludeFirstName: pulumi.Bool(false),
PasswordExcludeLastName: pulumi.Bool(false),
PasswordExcludeUsername: pulumi.Bool(false),
PasswordExpireWarnDays: pulumi.Int(0),
PasswordHistoryCount: pulumi.Int(0),
PasswordLockoutNotificationChannels: pulumi.StringArray{
pulumi.String("string"),
},
PasswordMaxAgeDays: pulumi.Int(0),
PasswordMaxLockoutAttempts: pulumi.Int(0),
PasswordMinAgeMinutes: pulumi.Int(0),
PasswordMinLength: pulumi.Int(0),
PasswordMinLowercase: pulumi.Int(0),
PasswordMinNumber: pulumi.Int(0),
PasswordMinSymbol: pulumi.Int(0),
PasswordMinUppercase: pulumi.Int(0),
PasswordShowLockoutFailures: pulumi.Bool(false),
Priority: pulumi.Int(0),
QuestionMinLength: pulumi.Int(0),
QuestionRecovery: pulumi.String("string"),
RecoveryEmailToken: pulumi.Int(0),
SkipUnlock: pulumi.Bool(false),
SmsRecovery: pulumi.String("string"),
Status: pulumi.String("string"),
})
var passwordResource = new Password("passwordResource", PasswordArgs.builder()
.authProvider("string")
.callRecovery("string")
.description("string")
.emailRecovery("string")
.groupsIncludeds("string")
.name("string")
.passwordAutoUnlockMinutes(0)
.passwordDictionaryLookup(false)
.passwordExcludeFirstName(false)
.passwordExcludeLastName(false)
.passwordExcludeUsername(false)
.passwordExpireWarnDays(0)
.passwordHistoryCount(0)
.passwordLockoutNotificationChannels("string")
.passwordMaxAgeDays(0)
.passwordMaxLockoutAttempts(0)
.passwordMinAgeMinutes(0)
.passwordMinLength(0)
.passwordMinLowercase(0)
.passwordMinNumber(0)
.passwordMinSymbol(0)
.passwordMinUppercase(0)
.passwordShowLockoutFailures(false)
.priority(0)
.questionMinLength(0)
.questionRecovery("string")
.recoveryEmailToken(0)
.skipUnlock(false)
.smsRecovery("string")
.status("string")
.build());
password_resource = okta.policy.Password("passwordResource",
auth_provider="string",
call_recovery="string",
description="string",
email_recovery="string",
groups_includeds=["string"],
name="string",
password_auto_unlock_minutes=0,
password_dictionary_lookup=False,
password_exclude_first_name=False,
password_exclude_last_name=False,
password_exclude_username=False,
password_expire_warn_days=0,
password_history_count=0,
password_lockout_notification_channels=["string"],
password_max_age_days=0,
password_max_lockout_attempts=0,
password_min_age_minutes=0,
password_min_length=0,
password_min_lowercase=0,
password_min_number=0,
password_min_symbol=0,
password_min_uppercase=0,
password_show_lockout_failures=False,
priority=0,
question_min_length=0,
question_recovery="string",
recovery_email_token=0,
skip_unlock=False,
sms_recovery="string",
status="string")
const passwordResource = new okta.policy.Password("passwordResource", {
authProvider: "string",
callRecovery: "string",
description: "string",
emailRecovery: "string",
groupsIncludeds: ["string"],
name: "string",
passwordAutoUnlockMinutes: 0,
passwordDictionaryLookup: false,
passwordExcludeFirstName: false,
passwordExcludeLastName: false,
passwordExcludeUsername: false,
passwordExpireWarnDays: 0,
passwordHistoryCount: 0,
passwordLockoutNotificationChannels: ["string"],
passwordMaxAgeDays: 0,
passwordMaxLockoutAttempts: 0,
passwordMinAgeMinutes: 0,
passwordMinLength: 0,
passwordMinLowercase: 0,
passwordMinNumber: 0,
passwordMinSymbol: 0,
passwordMinUppercase: 0,
passwordShowLockoutFailures: false,
priority: 0,
questionMinLength: 0,
questionRecovery: "string",
recoveryEmailToken: 0,
skipUnlock: false,
smsRecovery: "string",
status: "string",
});
type: okta:policy:Password
properties:
authProvider: string
callRecovery: string
description: string
emailRecovery: string
groupsIncludeds:
- string
name: string
passwordAutoUnlockMinutes: 0
passwordDictionaryLookup: false
passwordExcludeFirstName: false
passwordExcludeLastName: false
passwordExcludeUsername: false
passwordExpireWarnDays: 0
passwordHistoryCount: 0
passwordLockoutNotificationChannels:
- string
passwordMaxAgeDays: 0
passwordMaxLockoutAttempts: 0
passwordMinAgeMinutes: 0
passwordMinLength: 0
passwordMinLowercase: 0
passwordMinNumber: 0
passwordMinSymbol: 0
passwordMinUppercase: 0
passwordShowLockoutFailures: false
priority: 0
questionMinLength: 0
questionRecovery: string
recoveryEmailToken: 0
skipUnlock: false
smsRecovery: string
status: string
Password Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Password resource accepts the following input properties:
- Auth
Provider string - Authentication Provider:
OKTA
,ACTIVE_DIRECTORY
orLDAP
. Default:OKTA
- Call
Recovery string - Enable or disable voice call recovery:
ACTIVE
orINACTIVE
. Default:INACTIVE
- Description string
- Policy Description
- Email
Recovery string - Enable or disable email password recovery:
ACTIVE
orINACTIVE
. Default:ACTIVE
- Groups
Includeds List<string> - List of Group IDs to Include
- Name string
- Policy Name
- Password
Auto intUnlock Minutes - Number of minutes before a locked account is unlocked: 0 = no limit. Default:
0
- Password
Dictionary boolLookup - Check Passwords Against Common Password Dictionary. Default:
false
- Password
Exclude boolFirst Name - User firstName attribute must be excluded from the password
- Password
Exclude boolLast Name - User lastName attribute must be excluded from the password
- Password
Exclude boolUsername - If the user name must be excluded from the password. Default:
true
- Password
Expire intWarn Days - Length in days a user will be warned before password expiry: 0 = no warning. Default:
0
- Password
History intCount - Number of distinct passwords that must be created before they can be reused: 0 = none. Default:
0
- Password
Lockout List<string>Notification Channels - Notification channels to use to notify a user when their account has been locked.
- Password
Max intAge Days - Length in days a password is valid before expiry: 0 = no limit. Default:
0
- Password
Max intLockout Attempts - Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default:
10
- Password
Min intAge Minutes - Minimum time interval in minutes between password changes: 0 = no limit. Default:
0
- Password
Min intLength - Minimum password length. Default:
8
- Password
Min intLowercase - If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default:
1
- Password
Min intNumber - If a password must contain at least one number: 0 = no, 1 = yes. Default:
1
- Password
Min intSymbol - If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default:
0
- Password
Min intUppercase - If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default:
1
- Password
Show boolLockout Failures - If a user should be informed when their account is locked. Default:
false
- Priority int
- Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- Question
Min intLength - Min length of the password recovery question answer. Default:
4
- Question
Recovery string - Enable or disable security question password recovery:
ACTIVE
orINACTIVE
. Default:ACTIVE
- Recovery
Email intToken - Lifetime in minutes of the recovery email token. Default:
60
- Skip
Unlock bool - When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default:
false
- Sms
Recovery string - Enable or disable SMS password recovery:
ACTIVE
orINACTIVE
. Default:INACTIVE
- Status string
- Policy Status:
ACTIVE
orINACTIVE
. Default:ACTIVE
- Auth
Provider string - Authentication Provider:
OKTA
,ACTIVE_DIRECTORY
orLDAP
. Default:OKTA
- Call
Recovery string - Enable or disable voice call recovery:
ACTIVE
orINACTIVE
. Default:INACTIVE
- Description string
- Policy Description
- Email
Recovery string - Enable or disable email password recovery:
ACTIVE
orINACTIVE
. Default:ACTIVE
- Groups
Includeds []string - List of Group IDs to Include
- Name string
- Policy Name
- Password
Auto intUnlock Minutes - Number of minutes before a locked account is unlocked: 0 = no limit. Default:
0
- Password
Dictionary boolLookup - Check Passwords Against Common Password Dictionary. Default:
false
- Password
Exclude boolFirst Name - User firstName attribute must be excluded from the password
- Password
Exclude boolLast Name - User lastName attribute must be excluded from the password
- Password
Exclude boolUsername - If the user name must be excluded from the password. Default:
true
- Password
Expire intWarn Days - Length in days a user will be warned before password expiry: 0 = no warning. Default:
0
- Password
History intCount - Number of distinct passwords that must be created before they can be reused: 0 = none. Default:
0
- Password
Lockout []stringNotification Channels - Notification channels to use to notify a user when their account has been locked.
- Password
Max intAge Days - Length in days a password is valid before expiry: 0 = no limit. Default:
0
- Password
Max intLockout Attempts - Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default:
10
- Password
Min intAge Minutes - Minimum time interval in minutes between password changes: 0 = no limit. Default:
0
- Password
Min intLength - Minimum password length. Default:
8
- Password
Min intLowercase - If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default:
1
- Password
Min intNumber - If a password must contain at least one number: 0 = no, 1 = yes. Default:
1
- Password
Min intSymbol - If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default:
0
- Password
Min intUppercase - If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default:
1
- Password
Show boolLockout Failures - If a user should be informed when their account is locked. Default:
false
- Priority int
- Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- Question
Min intLength - Min length of the password recovery question answer. Default:
4
- Question
Recovery string - Enable or disable security question password recovery:
ACTIVE
orINACTIVE
. Default:ACTIVE
- Recovery
Email intToken - Lifetime in minutes of the recovery email token. Default:
60
- Skip
Unlock bool - When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default:
false
- Sms
Recovery string - Enable or disable SMS password recovery:
ACTIVE
orINACTIVE
. Default:INACTIVE
- Status string
- Policy Status:
ACTIVE
orINACTIVE
. Default:ACTIVE
- auth
Provider String - Authentication Provider:
OKTA
,ACTIVE_DIRECTORY
orLDAP
. Default:OKTA
- call
Recovery String - Enable or disable voice call recovery:
ACTIVE
orINACTIVE
. Default:INACTIVE
- description String
- Policy Description
- email
Recovery String - Enable or disable email password recovery:
ACTIVE
orINACTIVE
. Default:ACTIVE
- groups
Includeds List<String> - List of Group IDs to Include
- name String
- Policy Name
- password
Auto IntegerUnlock Minutes - Number of minutes before a locked account is unlocked: 0 = no limit. Default:
0
- password
Dictionary BooleanLookup - Check Passwords Against Common Password Dictionary. Default:
false
- password
Exclude BooleanFirst Name - User firstName attribute must be excluded from the password
- password
Exclude BooleanLast Name - User lastName attribute must be excluded from the password
- password
Exclude BooleanUsername - If the user name must be excluded from the password. Default:
true
- password
Expire IntegerWarn Days - Length in days a user will be warned before password expiry: 0 = no warning. Default:
0
- password
History IntegerCount - Number of distinct passwords that must be created before they can be reused: 0 = none. Default:
0
- password
Lockout List<String>Notification Channels - Notification channels to use to notify a user when their account has been locked.
- password
Max IntegerAge Days - Length in days a password is valid before expiry: 0 = no limit. Default:
0
- password
Max IntegerLockout Attempts - Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default:
10
- password
Min IntegerAge Minutes - Minimum time interval in minutes between password changes: 0 = no limit. Default:
0
- password
Min IntegerLength - Minimum password length. Default:
8
- password
Min IntegerLowercase - If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default:
1
- password
Min IntegerNumber - If a password must contain at least one number: 0 = no, 1 = yes. Default:
1
- password
Min IntegerSymbol - If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default:
0
- password
Min IntegerUppercase - If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default:
1
- password
Show BooleanLockout Failures - If a user should be informed when their account is locked. Default:
false
- priority Integer
- Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- question
Min IntegerLength - Min length of the password recovery question answer. Default:
4
- question
Recovery String - Enable or disable security question password recovery:
ACTIVE
orINACTIVE
. Default:ACTIVE
- recovery
Email IntegerToken - Lifetime in minutes of the recovery email token. Default:
60
- skip
Unlock Boolean - When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default:
false
- sms
Recovery String - Enable or disable SMS password recovery:
ACTIVE
orINACTIVE
. Default:INACTIVE
- status String
- Policy Status:
ACTIVE
orINACTIVE
. Default:ACTIVE
- auth
Provider string - Authentication Provider:
OKTA
,ACTIVE_DIRECTORY
orLDAP
. Default:OKTA
- call
Recovery string - Enable or disable voice call recovery:
ACTIVE
orINACTIVE
. Default:INACTIVE
- description string
- Policy Description
- email
Recovery string - Enable or disable email password recovery:
ACTIVE
orINACTIVE
. Default:ACTIVE
- groups
Includeds string[] - List of Group IDs to Include
- name string
- Policy Name
- password
Auto numberUnlock Minutes - Number of minutes before a locked account is unlocked: 0 = no limit. Default:
0
- password
Dictionary booleanLookup - Check Passwords Against Common Password Dictionary. Default:
false
- password
Exclude booleanFirst Name - User firstName attribute must be excluded from the password
- password
Exclude booleanLast Name - User lastName attribute must be excluded from the password
- password
Exclude booleanUsername - If the user name must be excluded from the password. Default:
true
- password
Expire numberWarn Days - Length in days a user will be warned before password expiry: 0 = no warning. Default:
0
- password
History numberCount - Number of distinct passwords that must be created before they can be reused: 0 = none. Default:
0
- password
Lockout string[]Notification Channels - Notification channels to use to notify a user when their account has been locked.
- password
Max numberAge Days - Length in days a password is valid before expiry: 0 = no limit. Default:
0
- password
Max numberLockout Attempts - Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default:
10
- password
Min numberAge Minutes - Minimum time interval in minutes between password changes: 0 = no limit. Default:
0
- password
Min numberLength - Minimum password length. Default:
8
- password
Min numberLowercase - If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default:
1
- password
Min numberNumber - If a password must contain at least one number: 0 = no, 1 = yes. Default:
1
- password
Min numberSymbol - If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default:
0
- password
Min numberUppercase - If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default:
1
- password
Show booleanLockout Failures - If a user should be informed when their account is locked. Default:
false
- priority number
- Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- question
Min numberLength - Min length of the password recovery question answer. Default:
4
- question
Recovery string - Enable or disable security question password recovery:
ACTIVE
orINACTIVE
. Default:ACTIVE
- recovery
Email numberToken - Lifetime in minutes of the recovery email token. Default:
60
- skip
Unlock boolean - When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default:
false
- sms
Recovery string - Enable or disable SMS password recovery:
ACTIVE
orINACTIVE
. Default:INACTIVE
- status string
- Policy Status:
ACTIVE
orINACTIVE
. Default:ACTIVE
- auth_
provider str - Authentication Provider:
OKTA
,ACTIVE_DIRECTORY
orLDAP
. Default:OKTA
- call_
recovery str - Enable or disable voice call recovery:
ACTIVE
orINACTIVE
. Default:INACTIVE
- description str
- Policy Description
- email_
recovery str - Enable or disable email password recovery:
ACTIVE
orINACTIVE
. Default:ACTIVE
- groups_
includeds Sequence[str] - List of Group IDs to Include
- name str
- Policy Name
- password_
auto_ intunlock_ minutes - Number of minutes before a locked account is unlocked: 0 = no limit. Default:
0
- password_
dictionary_ boollookup - Check Passwords Against Common Password Dictionary. Default:
false
- password_
exclude_ boolfirst_ name - User firstName attribute must be excluded from the password
- password_
exclude_ boollast_ name - User lastName attribute must be excluded from the password
- password_
exclude_ boolusername - If the user name must be excluded from the password. Default:
true
- password_
expire_ intwarn_ days - Length in days a user will be warned before password expiry: 0 = no warning. Default:
0
- password_
history_ intcount - Number of distinct passwords that must be created before they can be reused: 0 = none. Default:
0
- password_
lockout_ Sequence[str]notification_ channels - Notification channels to use to notify a user when their account has been locked.
- password_
max_ intage_ days - Length in days a password is valid before expiry: 0 = no limit. Default:
0
- password_
max_ intlockout_ attempts - Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default:
10
- password_
min_ intage_ minutes - Minimum time interval in minutes between password changes: 0 = no limit. Default:
0
- password_
min_ intlength - Minimum password length. Default:
8
- password_
min_ intlowercase - If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default:
1
- password_
min_ intnumber - If a password must contain at least one number: 0 = no, 1 = yes. Default:
1
- password_
min_ intsymbol - If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default:
0
- password_
min_ intuppercase - If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default:
1
- password_
show_ boollockout_ failures - If a user should be informed when their account is locked. Default:
false
- priority int
- Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- question_
min_ intlength - Min length of the password recovery question answer. Default:
4
- question_
recovery str - Enable or disable security question password recovery:
ACTIVE
orINACTIVE
. Default:ACTIVE
- recovery_
email_ inttoken - Lifetime in minutes of the recovery email token. Default:
60
- skip_
unlock bool - When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default:
false
- sms_
recovery str - Enable or disable SMS password recovery:
ACTIVE
orINACTIVE
. Default:INACTIVE
- status str
- Policy Status:
ACTIVE
orINACTIVE
. Default:ACTIVE
- auth
Provider String - Authentication Provider:
OKTA
,ACTIVE_DIRECTORY
orLDAP
. Default:OKTA
- call
Recovery String - Enable or disable voice call recovery:
ACTIVE
orINACTIVE
. Default:INACTIVE
- description String
- Policy Description
- email
Recovery String - Enable or disable email password recovery:
ACTIVE
orINACTIVE
. Default:ACTIVE
- groups
Includeds List<String> - List of Group IDs to Include
- name String
- Policy Name
- password
Auto NumberUnlock Minutes - Number of minutes before a locked account is unlocked: 0 = no limit. Default:
0
- password
Dictionary BooleanLookup - Check Passwords Against Common Password Dictionary. Default:
false
- password
Exclude BooleanFirst Name - User firstName attribute must be excluded from the password
- password
Exclude BooleanLast Name - User lastName attribute must be excluded from the password
- password
Exclude BooleanUsername - If the user name must be excluded from the password. Default:
true
- password
Expire NumberWarn Days - Length in days a user will be warned before password expiry: 0 = no warning. Default:
0
- password
History NumberCount - Number of distinct passwords that must be created before they can be reused: 0 = none. Default:
0
- password
Lockout List<String>Notification Channels - Notification channels to use to notify a user when their account has been locked.
- password
Max NumberAge Days - Length in days a password is valid before expiry: 0 = no limit. Default:
0
- password
Max NumberLockout Attempts - Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default:
10
- password
Min NumberAge Minutes - Minimum time interval in minutes between password changes: 0 = no limit. Default:
0
- password
Min NumberLength - Minimum password length. Default:
8
- password
Min NumberLowercase - If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default:
1
- password
Min NumberNumber - If a password must contain at least one number: 0 = no, 1 = yes. Default:
1
- password
Min NumberSymbol - If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default:
0
- password
Min NumberUppercase - If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default:
1
- password
Show BooleanLockout Failures - If a user should be informed when their account is locked. Default:
false
- priority Number
- Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- question
Min NumberLength - Min length of the password recovery question answer. Default:
4
- question
Recovery String - Enable or disable security question password recovery:
ACTIVE
orINACTIVE
. Default:ACTIVE
- recovery
Email NumberToken - Lifetime in minutes of the recovery email token. Default:
60
- skip
Unlock Boolean - When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default:
false
- sms
Recovery String - Enable or disable SMS password recovery:
ACTIVE
orINACTIVE
. Default:INACTIVE
- status String
- Policy Status:
ACTIVE
orINACTIVE
. Default:ACTIVE
Outputs
All input properties are implicitly available as output properties. Additionally, the Password resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Password Resource
Get an existing Password resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PasswordState, opts?: CustomResourceOptions): Password
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
auth_provider: Optional[str] = None,
call_recovery: Optional[str] = None,
description: Optional[str] = None,
email_recovery: Optional[str] = None,
groups_includeds: Optional[Sequence[str]] = None,
name: Optional[str] = None,
password_auto_unlock_minutes: Optional[int] = None,
password_dictionary_lookup: Optional[bool] = None,
password_exclude_first_name: Optional[bool] = None,
password_exclude_last_name: Optional[bool] = None,
password_exclude_username: Optional[bool] = None,
password_expire_warn_days: Optional[int] = None,
password_history_count: Optional[int] = None,
password_lockout_notification_channels: Optional[Sequence[str]] = None,
password_max_age_days: Optional[int] = None,
password_max_lockout_attempts: Optional[int] = None,
password_min_age_minutes: Optional[int] = None,
password_min_length: Optional[int] = None,
password_min_lowercase: Optional[int] = None,
password_min_number: Optional[int] = None,
password_min_symbol: Optional[int] = None,
password_min_uppercase: Optional[int] = None,
password_show_lockout_failures: Optional[bool] = None,
priority: Optional[int] = None,
question_min_length: Optional[int] = None,
question_recovery: Optional[str] = None,
recovery_email_token: Optional[int] = None,
skip_unlock: Optional[bool] = None,
sms_recovery: Optional[str] = None,
status: Optional[str] = None) -> Password
func GetPassword(ctx *Context, name string, id IDInput, state *PasswordState, opts ...ResourceOption) (*Password, error)
public static Password Get(string name, Input<string> id, PasswordState? state, CustomResourceOptions? opts = null)
public static Password get(String name, Output<String> id, PasswordState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Auth
Provider string - Authentication Provider:
OKTA
,ACTIVE_DIRECTORY
orLDAP
. Default:OKTA
- Call
Recovery string - Enable or disable voice call recovery:
ACTIVE
orINACTIVE
. Default:INACTIVE
- Description string
- Policy Description
- Email
Recovery string - Enable or disable email password recovery:
ACTIVE
orINACTIVE
. Default:ACTIVE
- Groups
Includeds List<string> - List of Group IDs to Include
- Name string
- Policy Name
- Password
Auto intUnlock Minutes - Number of minutes before a locked account is unlocked: 0 = no limit. Default:
0
- Password
Dictionary boolLookup - Check Passwords Against Common Password Dictionary. Default:
false
- Password
Exclude boolFirst Name - User firstName attribute must be excluded from the password
- Password
Exclude boolLast Name - User lastName attribute must be excluded from the password
- Password
Exclude boolUsername - If the user name must be excluded from the password. Default:
true
- Password
Expire intWarn Days - Length in days a user will be warned before password expiry: 0 = no warning. Default:
0
- Password
History intCount - Number of distinct passwords that must be created before they can be reused: 0 = none. Default:
0
- Password
Lockout List<string>Notification Channels - Notification channels to use to notify a user when their account has been locked.
- Password
Max intAge Days - Length in days a password is valid before expiry: 0 = no limit. Default:
0
- Password
Max intLockout Attempts - Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default:
10
- Password
Min intAge Minutes - Minimum time interval in minutes between password changes: 0 = no limit. Default:
0
- Password
Min intLength - Minimum password length. Default:
8
- Password
Min intLowercase - If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default:
1
- Password
Min intNumber - If a password must contain at least one number: 0 = no, 1 = yes. Default:
1
- Password
Min intSymbol - If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default:
0
- Password
Min intUppercase - If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default:
1
- Password
Show boolLockout Failures - If a user should be informed when their account is locked. Default:
false
- Priority int
- Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- Question
Min intLength - Min length of the password recovery question answer. Default:
4
- Question
Recovery string - Enable or disable security question password recovery:
ACTIVE
orINACTIVE
. Default:ACTIVE
- Recovery
Email intToken - Lifetime in minutes of the recovery email token. Default:
60
- Skip
Unlock bool - When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default:
false
- Sms
Recovery string - Enable or disable SMS password recovery:
ACTIVE
orINACTIVE
. Default:INACTIVE
- Status string
- Policy Status:
ACTIVE
orINACTIVE
. Default:ACTIVE
- Auth
Provider string - Authentication Provider:
OKTA
,ACTIVE_DIRECTORY
orLDAP
. Default:OKTA
- Call
Recovery string - Enable or disable voice call recovery:
ACTIVE
orINACTIVE
. Default:INACTIVE
- Description string
- Policy Description
- Email
Recovery string - Enable or disable email password recovery:
ACTIVE
orINACTIVE
. Default:ACTIVE
- Groups
Includeds []string - List of Group IDs to Include
- Name string
- Policy Name
- Password
Auto intUnlock Minutes - Number of minutes before a locked account is unlocked: 0 = no limit. Default:
0
- Password
Dictionary boolLookup - Check Passwords Against Common Password Dictionary. Default:
false
- Password
Exclude boolFirst Name - User firstName attribute must be excluded from the password
- Password
Exclude boolLast Name - User lastName attribute must be excluded from the password
- Password
Exclude boolUsername - If the user name must be excluded from the password. Default:
true
- Password
Expire intWarn Days - Length in days a user will be warned before password expiry: 0 = no warning. Default:
0
- Password
History intCount - Number of distinct passwords that must be created before they can be reused: 0 = none. Default:
0
- Password
Lockout []stringNotification Channels - Notification channels to use to notify a user when their account has been locked.
- Password
Max intAge Days - Length in days a password is valid before expiry: 0 = no limit. Default:
0
- Password
Max intLockout Attempts - Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default:
10
- Password
Min intAge Minutes - Minimum time interval in minutes between password changes: 0 = no limit. Default:
0
- Password
Min intLength - Minimum password length. Default:
8
- Password
Min intLowercase - If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default:
1
- Password
Min intNumber - If a password must contain at least one number: 0 = no, 1 = yes. Default:
1
- Password
Min intSymbol - If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default:
0
- Password
Min intUppercase - If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default:
1
- Password
Show boolLockout Failures - If a user should be informed when their account is locked. Default:
false
- Priority int
- Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- Question
Min intLength - Min length of the password recovery question answer. Default:
4
- Question
Recovery string - Enable or disable security question password recovery:
ACTIVE
orINACTIVE
. Default:ACTIVE
- Recovery
Email intToken - Lifetime in minutes of the recovery email token. Default:
60
- Skip
Unlock bool - When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default:
false
- Sms
Recovery string - Enable or disable SMS password recovery:
ACTIVE
orINACTIVE
. Default:INACTIVE
- Status string
- Policy Status:
ACTIVE
orINACTIVE
. Default:ACTIVE
- auth
Provider String - Authentication Provider:
OKTA
,ACTIVE_DIRECTORY
orLDAP
. Default:OKTA
- call
Recovery String - Enable or disable voice call recovery:
ACTIVE
orINACTIVE
. Default:INACTIVE
- description String
- Policy Description
- email
Recovery String - Enable or disable email password recovery:
ACTIVE
orINACTIVE
. Default:ACTIVE
- groups
Includeds List<String> - List of Group IDs to Include
- name String
- Policy Name
- password
Auto IntegerUnlock Minutes - Number of minutes before a locked account is unlocked: 0 = no limit. Default:
0
- password
Dictionary BooleanLookup - Check Passwords Against Common Password Dictionary. Default:
false
- password
Exclude BooleanFirst Name - User firstName attribute must be excluded from the password
- password
Exclude BooleanLast Name - User lastName attribute must be excluded from the password
- password
Exclude BooleanUsername - If the user name must be excluded from the password. Default:
true
- password
Expire IntegerWarn Days - Length in days a user will be warned before password expiry: 0 = no warning. Default:
0
- password
History IntegerCount - Number of distinct passwords that must be created before they can be reused: 0 = none. Default:
0
- password
Lockout List<String>Notification Channels - Notification channels to use to notify a user when their account has been locked.
- password
Max IntegerAge Days - Length in days a password is valid before expiry: 0 = no limit. Default:
0
- password
Max IntegerLockout Attempts - Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default:
10
- password
Min IntegerAge Minutes - Minimum time interval in minutes between password changes: 0 = no limit. Default:
0
- password
Min IntegerLength - Minimum password length. Default:
8
- password
Min IntegerLowercase - If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default:
1
- password
Min IntegerNumber - If a password must contain at least one number: 0 = no, 1 = yes. Default:
1
- password
Min IntegerSymbol - If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default:
0
- password
Min IntegerUppercase - If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default:
1
- password
Show BooleanLockout Failures - If a user should be informed when their account is locked. Default:
false
- priority Integer
- Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- question
Min IntegerLength - Min length of the password recovery question answer. Default:
4
- question
Recovery String - Enable or disable security question password recovery:
ACTIVE
orINACTIVE
. Default:ACTIVE
- recovery
Email IntegerToken - Lifetime in minutes of the recovery email token. Default:
60
- skip
Unlock Boolean - When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default:
false
- sms
Recovery String - Enable or disable SMS password recovery:
ACTIVE
orINACTIVE
. Default:INACTIVE
- status String
- Policy Status:
ACTIVE
orINACTIVE
. Default:ACTIVE
- auth
Provider string - Authentication Provider:
OKTA
,ACTIVE_DIRECTORY
orLDAP
. Default:OKTA
- call
Recovery string - Enable or disable voice call recovery:
ACTIVE
orINACTIVE
. Default:INACTIVE
- description string
- Policy Description
- email
Recovery string - Enable or disable email password recovery:
ACTIVE
orINACTIVE
. Default:ACTIVE
- groups
Includeds string[] - List of Group IDs to Include
- name string
- Policy Name
- password
Auto numberUnlock Minutes - Number of minutes before a locked account is unlocked: 0 = no limit. Default:
0
- password
Dictionary booleanLookup - Check Passwords Against Common Password Dictionary. Default:
false
- password
Exclude booleanFirst Name - User firstName attribute must be excluded from the password
- password
Exclude booleanLast Name - User lastName attribute must be excluded from the password
- password
Exclude booleanUsername - If the user name must be excluded from the password. Default:
true
- password
Expire numberWarn Days - Length in days a user will be warned before password expiry: 0 = no warning. Default:
0
- password
History numberCount - Number of distinct passwords that must be created before they can be reused: 0 = none. Default:
0
- password
Lockout string[]Notification Channels - Notification channels to use to notify a user when their account has been locked.
- password
Max numberAge Days - Length in days a password is valid before expiry: 0 = no limit. Default:
0
- password
Max numberLockout Attempts - Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default:
10
- password
Min numberAge Minutes - Minimum time interval in minutes between password changes: 0 = no limit. Default:
0
- password
Min numberLength - Minimum password length. Default:
8
- password
Min numberLowercase - If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default:
1
- password
Min numberNumber - If a password must contain at least one number: 0 = no, 1 = yes. Default:
1
- password
Min numberSymbol - If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default:
0
- password
Min numberUppercase - If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default:
1
- password
Show booleanLockout Failures - If a user should be informed when their account is locked. Default:
false
- priority number
- Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- question
Min numberLength - Min length of the password recovery question answer. Default:
4
- question
Recovery string - Enable or disable security question password recovery:
ACTIVE
orINACTIVE
. Default:ACTIVE
- recovery
Email numberToken - Lifetime in minutes of the recovery email token. Default:
60
- skip
Unlock boolean - When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default:
false
- sms
Recovery string - Enable or disable SMS password recovery:
ACTIVE
orINACTIVE
. Default:INACTIVE
- status string
- Policy Status:
ACTIVE
orINACTIVE
. Default:ACTIVE
- auth_
provider str - Authentication Provider:
OKTA
,ACTIVE_DIRECTORY
orLDAP
. Default:OKTA
- call_
recovery str - Enable or disable voice call recovery:
ACTIVE
orINACTIVE
. Default:INACTIVE
- description str
- Policy Description
- email_
recovery str - Enable or disable email password recovery:
ACTIVE
orINACTIVE
. Default:ACTIVE
- groups_
includeds Sequence[str] - List of Group IDs to Include
- name str
- Policy Name
- password_
auto_ intunlock_ minutes - Number of minutes before a locked account is unlocked: 0 = no limit. Default:
0
- password_
dictionary_ boollookup - Check Passwords Against Common Password Dictionary. Default:
false
- password_
exclude_ boolfirst_ name - User firstName attribute must be excluded from the password
- password_
exclude_ boollast_ name - User lastName attribute must be excluded from the password
- password_
exclude_ boolusername - If the user name must be excluded from the password. Default:
true
- password_
expire_ intwarn_ days - Length in days a user will be warned before password expiry: 0 = no warning. Default:
0
- password_
history_ intcount - Number of distinct passwords that must be created before they can be reused: 0 = none. Default:
0
- password_
lockout_ Sequence[str]notification_ channels - Notification channels to use to notify a user when their account has been locked.
- password_
max_ intage_ days - Length in days a password is valid before expiry: 0 = no limit. Default:
0
- password_
max_ intlockout_ attempts - Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default:
10
- password_
min_ intage_ minutes - Minimum time interval in minutes between password changes: 0 = no limit. Default:
0
- password_
min_ intlength - Minimum password length. Default:
8
- password_
min_ intlowercase - If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default:
1
- password_
min_ intnumber - If a password must contain at least one number: 0 = no, 1 = yes. Default:
1
- password_
min_ intsymbol - If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default:
0
- password_
min_ intuppercase - If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default:
1
- password_
show_ boollockout_ failures - If a user should be informed when their account is locked. Default:
false
- priority int
- Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- question_
min_ intlength - Min length of the password recovery question answer. Default:
4
- question_
recovery str - Enable or disable security question password recovery:
ACTIVE
orINACTIVE
. Default:ACTIVE
- recovery_
email_ inttoken - Lifetime in minutes of the recovery email token. Default:
60
- skip_
unlock bool - When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default:
false
- sms_
recovery str - Enable or disable SMS password recovery:
ACTIVE
orINACTIVE
. Default:INACTIVE
- status str
- Policy Status:
ACTIVE
orINACTIVE
. Default:ACTIVE
- auth
Provider String - Authentication Provider:
OKTA
,ACTIVE_DIRECTORY
orLDAP
. Default:OKTA
- call
Recovery String - Enable or disable voice call recovery:
ACTIVE
orINACTIVE
. Default:INACTIVE
- description String
- Policy Description
- email
Recovery String - Enable or disable email password recovery:
ACTIVE
orINACTIVE
. Default:ACTIVE
- groups
Includeds List<String> - List of Group IDs to Include
- name String
- Policy Name
- password
Auto NumberUnlock Minutes - Number of minutes before a locked account is unlocked: 0 = no limit. Default:
0
- password
Dictionary BooleanLookup - Check Passwords Against Common Password Dictionary. Default:
false
- password
Exclude BooleanFirst Name - User firstName attribute must be excluded from the password
- password
Exclude BooleanLast Name - User lastName attribute must be excluded from the password
- password
Exclude BooleanUsername - If the user name must be excluded from the password. Default:
true
- password
Expire NumberWarn Days - Length in days a user will be warned before password expiry: 0 = no warning. Default:
0
- password
History NumberCount - Number of distinct passwords that must be created before they can be reused: 0 = none. Default:
0
- password
Lockout List<String>Notification Channels - Notification channels to use to notify a user when their account has been locked.
- password
Max NumberAge Days - Length in days a password is valid before expiry: 0 = no limit. Default:
0
- password
Max NumberLockout Attempts - Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default:
10
- password
Min NumberAge Minutes - Minimum time interval in minutes between password changes: 0 = no limit. Default:
0
- password
Min NumberLength - Minimum password length. Default:
8
- password
Min NumberLowercase - If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default:
1
- password
Min NumberNumber - If a password must contain at least one number: 0 = no, 1 = yes. Default:
1
- password
Min NumberSymbol - If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default:
0
- password
Min NumberUppercase - If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default:
1
- password
Show BooleanLockout Failures - If a user should be informed when their account is locked. Default:
false
- priority Number
- Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- question
Min NumberLength - Min length of the password recovery question answer. Default:
4
- question
Recovery String - Enable or disable security question password recovery:
ACTIVE
orINACTIVE
. Default:ACTIVE
- recovery
Email NumberToken - Lifetime in minutes of the recovery email token. Default:
60
- skip
Unlock Boolean - When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default:
false
- sms
Recovery String - Enable or disable SMS password recovery:
ACTIVE
orINACTIVE
. Default:INACTIVE
- status String
- Policy Status:
ACTIVE
orINACTIVE
. Default:ACTIVE
Import
$ pulumi import okta:policy/password:Password example <policy id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Okta pulumi/pulumi-okta
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
okta
Terraform Provider.